heroiclabs / nakama

Distributed server for social and realtime games and apps.
https://heroiclabs.com
Apache License 2.0

Support OpenID Connect for authentication #106

Open nynymike opened 7 years ago

nynymike commented 7 years ago

Instead of implementing password authentication, it would be nice if there was an option to point at an existing OpenID Connect Provider, for example Google, or even a locally hosted OP (if your organization perhaps offers more than one game). The auth module should handle dynamic enrollment with information returned from the profile scope. Furthermore, rather than hard-coding password support, OpenID Connect would enable stronger and more convenient types of authentication. There are many open source OpenID Connect providers (like the Gluu Server). Centralizing security is highly beneficial. Who cares if I break into your game? The problem with that is that many people use the same passwords for their game accounts that they use for other higher value services.

novabyte commented 7 years ago

@nynymike We do have support for Google and Facebook over OAuth as well as Game Center and Steam. This is alongside email/password, device-based identification, and support for custom authentication providers. You can see it in our docs under authentication.

We focus all feature development based on requests from developers and studios who use Nakama with their projects. I've not come across Gluu server before. Is it heavily used in the games market? Which studios use it to manage user identity and authentication?

nynymike commented 7 years ago

Google is an OpenID Connect provider, so if you support Google, you are pretty close already. I missed the docs. I was looking at the authn code itself, and didn't see it.

For security reasons, we don't disclose information about Gluu customers. However, Gluu is just one of many certified OpenID Providers: http://openid.net/certification/